This course offers a comprehensive exploration of web security, aimed at fostering a deep comprehension of prevalent web attacks and their corresponding countermeasures. Given the prevailing vulnerabilities in the modern digital landscape, it is imperative for programmers and system designers to enhance their grasp of web security intricacies. The curriculum encompasses both foundational aspects and cutting-edge developments in web security.
Policy on Collaboration
While you are encouraged to engage in discussions regarding assignments with fellow students, refrain from sharing code or attack inputs. Discovering the ingenious solution to a challenge often brings a rewarding "aha moment." Having the solution provided to you prematurely might deprive you of the most valuable aspect of this course. If you engage in conversations about an assignment with another student, please be sure to acknowledge their contribution in your submission. Remember, each student is expected to formulate and document their solutions independently.
Rephrased from Here.
🌐 Class 1: Introduction to Web Security
Date: September 02, 2023
- Overview of Web Security and its importance
- What is a Website
- Introduction to Web Browsers, their components, and their role in security
- Construction of URLs
- Reading: What is a URL?
- Reading: Part of a URL
- Understanding DNS. How DNS maps IP to URLs.
- Reading: What is DNS?
- Parameters, Query String, Relative Paths, Slugs
Assignment: TO BE SHARED
🌐 Class 2: Basics of Web Communication
- Basics of HTTP protocol and its security concerns
- Request and Response concepts in web communication
- Exploring Request and Response Headers and their significance
🌐 Class 2.5: OWASP Secure Headers Project
- What is OWASP?
- Introduction to OWASP Secure Headers Project
- Understanding HTTP headers for security enhancement
🌐 Class 3: Frontend Technologies and Inspection
- Introduction to HTML, CSS, and JavaScript
- Using "Inspect Element" for web page analysis & Other Developer Tools
- Reconnaissance techniques for gathering information
🌐 Class 4: Same Origin Policy and Cookies
- Same Origin Policy and its role in preventing unauthorized access
- Cookies, Sessions, and Caching: Functions and vulnerabilities
- Same-site Cookies: Importance and mitigating cross-site risks